My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions

Issue 1743 attachment: 0002-Don-t-add-Authorization-Bearer-TOKEN-header-if-HTTP-.patch (2.8 KB)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
From 086014e8dc4af9b19f1f437c8c38ff26d1d9e540 Mon Sep 17 00:00:00 2001
From: Aleksander Adamowski <aleksander.adamowski@gmail.com>
Date: Fri, 4 Jan 2013 03:23:44 +0100
Subject: [PATCH 2/2] Don't add "Authorization: Bearer TOKEN" header if HTTP
authentication type is employed. Fix for
http://code.google.com/p/gerrit/issues/detail?id=1743 .

Change-Id: I44596eef8e2ad0cf1f802512cd308362a8dcf147
---
.../src/main/java/com/google/gerrit/client/rpc/RestApi.java | 3 ++-
.../main/java/com/google/gerrit/httpd/CacheBasedWebSession.java | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/rpc/RestApi.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/rpc/RestApi.java
index d3c7000..ec806b7 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/rpc/RestApi.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/rpc/RestApi.java
@@ -21,6 +21,7 @@ import static com.google.gwt.http.client.RequestBuilder.PUT;

import com.google.gerrit.client.Gerrit;
import com.google.gerrit.client.RpcStatus;
+import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gwt.core.client.GWT;
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.http.client.Request;
@@ -279,7 +280,7 @@ public class RestApi {
final AsyncCallback<T> cb) {
RequestBuilder req = new RequestBuilder(method, url.toString());
req.setHeader("Accept", JSON_TYPE);
- if (Gerrit.getAuthorization() != null) {
+ if (Gerrit.getConfig().getAuthType() != AuthType.HTTP && Gerrit.getAuthorization() != null) {
req.setHeader("Authorization", Gerrit.getAuthorization());
}
if (contentData != null) {
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
index 88609ea..4155f25 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
@@ -21,6 +21,7 @@ import com.google.gerrit.httpd.WebSessionManager.Key;
import com.google.gerrit.httpd.WebSessionManager.Val;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountExternalId;
+import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
@@ -97,6 +98,9 @@ public final class CacheBasedWebSession implements WebSession {
} else {
token = cookie;
}
+ if (authConfig.getAuthType() == AuthType.HTTP) {
+ okPaths.add(AccessPath.REST_API);
+ }

if (token != null) {
key = new Key(token);
--
1.7.10.4

Powered by Google Project Hosting